Commit 8b844953 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add support for ServerInfo SSL_CONF option. 



Add support for ServerInfo SSL_CONF option and update documentation. This
was wrongly omitted from the 1.0.2 release.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent c1559f50

doc/ssl/SSL_CONF_cmd.pod

+5 −0
Original line number Diff line number Diff line
@@ -195,6 +195,11 @@ context. This option is only supported if certificate operations 
are permitted. Note: if no B<-key> option is set then a private key is

not loaded: it does not currently use the B<Certificate> file.



=item B<ServerInfoFile>



Attempts to use the file B<value> in the "serverinfo" extension using the

function SSL_CTX_use_serverinfo_file.



=item B<DHParameters>



Attempts to use the file B<value> as the set of temporary DH parameters for

ssl/ssl_conf.c

+13 −0
Original line number Diff line number Diff line
@@ -386,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) 
    return rv > 0;

}



static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)

{

    int rv = 1;

    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))

        return -2;

    if (!(cctx->flags & SSL_CONF_FLAG_SERVER))

        return -2;

    if (cctx->ctx)

        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);

    return rv > 0;

}



#ifndef OPENSSL_NO_DH

static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)

{
@@ -444,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { 
    SSL_CONF_CMD_STRING(Options, NULL),

    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),

    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),

    SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),

#ifndef OPENSSL_NO_DH

    SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)

#endif